ASAP: Automatic Semantics-Aware Analysis of Network Payloads
Tammo Krueger, Nicole Krämer and Konrad Rieck
In: ECML Workshop on Privacy and Security Issues in Data Mining and Machine Learning (PSDML), Sep 2010, Barcelona, Spain.
Automatic inspection of network payloads is a prerequisite for effective analysis of network communication. Security research has largely focused on network analysis using protocol specifications, for example for intrusion detection, fuzz testing and forensic analysis. The specification of a protocol alone, however, is often not sufficient for accurate analysis of communication, as it fails to reflect individual semantics of network applications. We propose a framework for semantics-aware analysis of network payloads which automatically extracts semantics-aware components from recorded network traffic. Our method proceeds by mapping network payloads to a vector space and identifying communication templates corresponding to base directions in the vector space. We demonstrate the efficacy of semantics-aware analysis in different security applications: automatic discovery of patterns in honeypot data, analysis of malware communication and network intrusion detection.
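The two stages the abstract describes, mapping payloads to a vector space and reading templates off its base directions, as an added example that is not the paper's code. It assumes a token-count embedding and non-negative matrix factorisation (NMF) as the way to obtain base directions; the abstract does not name the factorisation, and the sample traffic is constructed.

```python
# Added example, not the paper's own code: a minimal ASAP-style pipeline.
# Payloads go into a token-count vector space; non-negative matrix
# factorisation (NMF, assumed here: the abstract only says "base directions")
# recovers one communication template per base direction. Pure Python.
import re

# Constructed sample traffic: two request kinds with varying details.
PAYLOADS = [
    "GET /index.html HTTP/1.1 Host: www.example.test",
    "GET /about.html HTTP/1.1 Host: www.example.test",
    "POST /login HTTP/1.1 user=alice&pw=x",
    "POST /login HTTP/1.1 user=bob&pw=y",
]

def tokenize(payload):
    # Split on whitespace plus '&' and '=' so key/value parts become tokens.
    return [t for t in re.split(r"[\s&=]+", payload) if t]

def embed(payloads):
    """Map payloads to rows of a non-negative token-count matrix X."""
    vocab = sorted({t for p in payloads for t in tokenize(p)})
    index = {t: i for i, t in enumerate(vocab)}
    X = [[0.0] * len(vocab) for _ in payloads]
    for r, p in enumerate(payloads):
        for t in tokenize(p):
            X[r][index[t]] += 1.0
    return X, vocab

def _mm(A, B):  # plain matrix product
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def nmf(X, k, iters=200, eps=1e-9):
    """Lee-Seung multiplicative updates; rows of H are the base directions.
    Deterministic init: templates start from k evenly spaced payloads."""
    n, m = len(X), len(X[0])
    H = [[v + eps for v in X[(i * n) // k]] for i in range(k)]
    W = [[1.0 / k] * k for _ in range(n)]
    for _ in range(iters):
        Ht = [list(c) for c in zip(*H)]
        num, den = _mm(X, Ht), _mm(_mm(W, H), Ht)
        W = [[W[i][j] * num[i][j] / (den[i][j] + eps) for j in range(k)] for i in range(n)]
        Wt = [list(c) for c in zip(*W)]
        num, den = _mm(Wt, X), _mm(_mm(Wt, W), H)
        H = [[H[i][j] * num[i][j] / (den[i][j] + eps) for j in range(m)] for i in range(k)]
    return W, H

def templates(H, vocab, top=5):
    """Top-weighted tokens of each base direction, i.e. the template."""
    return [[vocab[j] for j in sorted(range(len(r)), key=lambda j: -r[j])[:top]] for r in H]

def assign(W):
    """Index of the template each payload loads on most strongly."""
    return [max(range(len(r)), key=lambda j: r[j]) for r in W]
```

Tokens shared by every payload (here HTTP/1.1) end up in more than one template, which is what makes the per-template residue, the tokens that vary, the interesting part for honeypot or malware traffic.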
EPrint Type: Conference or Workshop Item (Paper)
Subjects: Theory & Algorithms
Deposited By: Konrad Rieck
Deposited On: 17 March 2011